Protective Computing extends application-security verification by requiring explicit public boundaries around coercion, data disclosure, and degraded-path behavior.

| Protective control | ASVS area | Translation | Evidence |
|---|---|---|---|
| User-held keys / no backdoors | Cryptography / data protection | Adds a public prohibition on administrative decrypt capability. | PainTracker mapping |
| Bounded egress | Communications / data protection | Requires intent-linked egress and threat-aware disclosure review. | audit artifact draft |
| Coercion-safe limitations | Architecture / threat modeling | Requires the system to state what it cannot safely withstand under compulsion. | coercion scenario packet, reference packet |